xmrig | 7b10e4a95366fdf2776279754d6b6b72ba165bb579c28f6268d710489cf34cf1

Analysis

max time kernel
135s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:49

Target

cc484fdd205b1e883b34615a781b53b4.exe
Size

784KB
MD5

cc484fdd205b1e883b34615a781b53b4
SHA1

07ab3193c7c27c672ec92c67525d58ecd8d7f6f9
SHA256

7b10e4a95366fdf2776279754d6b6b72ba165bb579c28f6268d710489cf34cf1
SHA512

753dc34b4ff50453ad3ca3ff8e1368187469cb1affb1e1fd11dedad90d7e4e016caa084e02527d260d2125a5f6194f861bd616787ba5ba965621b15462a7fa9a
SSDEEP

12288:o1og3eu5bZWRkxK+kjQfJC92XVMWkpic6cR6/1ACX4Zu/IrFZ5/PGyxkw:o153eudZWRkbrgLWv/1p4+IRvvxP

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4952-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4952-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4400-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4400-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4400-20-0x00000000054A0000-0x0000000005633000-memory.dmp	xmrig
behavioral2/memory/4400-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4400	cc484fdd205b1e883b34615a781b53b4.exe

Executes dropped EXE 1 IoCs

pid	Process
4400	cc484fdd205b1e883b34615a781b53b4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4952-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0010000000023153-11.dat	upx
behavioral2/memory/4400-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4952	cc484fdd205b1e883b34615a781b53b4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4952	cc484fdd205b1e883b34615a781b53b4.exe
4400	cc484fdd205b1e883b34615a781b53b4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4400	4952	cc484fdd205b1e883b34615a781b53b4.exe	90
PID 4952 wrote to memory of 4400	4952	cc484fdd205b1e883b34615a781b53b4.exe	90
PID 4952 wrote to memory of 4400	4952	cc484fdd205b1e883b34615a781b53b4.exe	90

C:\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe

Filesize
170KB

MD5
1c316f269485bb5bef4a3885ed55d229

SHA1
b75ef0a123abb59888c36e7adce85aed1a019153

SHA256
e28f846b0404520f1b4f58dda9605416503b4ed155b0282948c3b1971901ddcc

SHA512
6bf4fc22a2ef8972f4667d26e4c9a8e833cdd22cb1213d06f51be62b65ce82a2839b6bb16272f180564cac3ad427277beb7af61c2e1bd7007ec458b5a47c2192

Download Submit
memory/4400-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4400-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4400-17-0x00000000018D0000-0x0000000001994000-memory.dmp

Filesize
784KB

Download
memory/4400-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4400-20-0x00000000054A0000-0x0000000005633000-memory.dmp

Filesize
1.6MB

Download
memory/4400-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4952-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4952-1-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/4952-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4952-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download